You are viewing the documentation for Blueriq 15. Documentation for other versions is available in our documentation directory.
1. Documentation
Documentation on the new features and improvements of this release is linked in the respective topics.
2. Upgrade Instructions
For this release there are no specific upgrade instructions.
As a best practice
- backup your repository
- backup your database before running scripts
- backup your
spring.config.additional-location
directory ([Blueriq installation directory]\Runtime) - backup any config files you have altered under [Blueriq installation directory]\Services
before you start the upgrade.
3. Artifacts
The Blueriq artifacts are available under name: 15.13.5.1528
This release includes these versions of Blueriq components with a separate life cycle:
Component |
Version |
---|---|
Customer Data Service | 4.1.10 |
DCM Lists Service | 2.4.4 |
Material Theme | 1.1.11 |
Development tools frontend | 1.5.5 |
DCM Maintenance App | 2.1.21 |
Audit Consumer | 0.1.11 |
DCM Dashboard Service | 0.1.5 |
Gateway Service | 0.1.9 |
Document Renderer | 1.1.2 |
4. Libraries
In this release, the set of third party libraries that is used by Blueriq was updated. When your installation of Blueriq includes custom components (artifacts that do not ship with Blueriq, such as proprietary plugins), those components should be tested for compatibility with these changes.
5. Retirement announcement
For this release there are no specific retirement announcements.
For a full list of deprecated features, go to Deprecated features.
6. Bug fixes
Identifier |
Component |
Issue |
Solution |
---|---|---|---|
BQ-20797 |
Tomcat |
The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709. |
Tomcat has been updated to address the vulnerability. |
BQ-20769 |
Runtime |
CVE-2023-20862 was detected for Spring security |
Fixed upgrading to the latest Spring boot version |
BQ-20768 |
Runtime |
CVE-20873 was detected for Spring boot |
Fixed by upgrading Spring boot to the latest versions |
BQ-20749 |
Studio |
Various CVEs (CVE-2020-1045, CVE-2022-29117, CVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq |
Suppressed the specific CVEs |
BQ-20747 |
Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, Runtime, Maintenance App |
CVE-2023-33201 detected for bouncy-castle lower than 1.73 |
Upgraded to version 1.76 |
CSD-4853 |
Audit Consumer, Customer Data Service, DCM Lists Service, Runtime, Maintenance App |
CVE-2023-34034 was detected for Spring security |
Blueriq is not affected by CVE-2023-34034 since we do not use '**' matchers and certainly not with Spring WebFlux. Nevertheless we have upgrade the Spring dependencies to version that are no longer affected by this CVE. |
BQ-20679 |
Encore |
After removing the root node in a content item, the buttons for adding an inline text item node or an image nod did not add the node. |
The buttons correctly add the root node when clicked. |
CSD-4810 |
Encore |
Complex aggregates were prone to infinite cycles, crashing the application |
Introduced better checks for infinite cycles, preventing crashes |
BQ-20565 |
Case engine |
When a non-existent case is tried to read, the service does not end in the "caseNotFound" exit of the service call. Instead, it logs: "Could not load aggregate into profile because the aggregate does not exist in the case" and continues the default exit node |
Case Engine returns proper error code and HTTP status |
7. Known issues
For an overview of known issue please refer to: Known issues